[gnome-build-meta/staging-3-30: 1/6] .gitlab-ci.yml: push the flatpak runtimes to gbm.gnome.org

[Abderrahim Kitouni <akitouni src gnome org>]

commit adb696a7df38a845f76e4142424de48e7ec1b181
Author: Abderrahim Kitouni <akitouni gnome org>
Date:   Thu Sep 6 13:06:43 2018 +0100

    .gitlab-ci.yml: push the flatpak runtimes to gbm.gnome.org
    
    Based on a patch by Jordan Petridis <jpetridis gnome org>

 .gitlab-ci.yml | 49 +++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 6 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ae4a731..6623ab7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,6 +7,7 @@ variables:
   BST_SHA: '301a393cb6499b3f869d74827a9e8dc61b97d00e' #  1.1.7
   BST_EXTERNAL_SHA: 'ab9b37b5b52a7b2f62ddf17a68b76512da538291' # 0.5.0
   FLATPAK_BRANCH: "3.30"
+  FLATPAK_SERVER_ADDRESS: 'gbm.gnome.org'
 
 stages:
   - build
@@ -34,8 +35,8 @@ before_script:
   - git -C bst-external/ checkout $BST_EXTERNAL_SHA
   - pip3 install bst-external/
 
-  # and flatpak to export the flatpak runtimes
-  - dnf install -y flatpak
+  # flatpak and rsync to generate and transfer the flatpak runtimes
+  - dnf install -y flatpak rsync
 
   # Ensure the log directory exists
   - mkdir -p logs
@@ -58,20 +59,56 @@ before_script:
           push: true
     EOF
 
+  # and ssh key for pushing to the flatpak repo
+  # FIXME: Protect the key
+  - |
+    if [ -n "$GITLAB_SSH_KEY" ]; then
+        mkdir -p ~/.ssh
+
+        echo "$GITLAB_SSH_KEY" > ~/.ssh/id_rsa
+        chmod 600 ~/.ssh/id_rsa
+
+        cat >> ~/.ssh/config << EOF
+    Host gbm-builder.gnome.org
+        User gbm
+        ProxyJump bastion.gnome.org
+        Hostname vpn.gbm-builder.gnome.org
+
+    Host bastion.gnome.org
+        User gbm
+    EOF
+
+        # Trust the host key of the jump host and release server
+        cat > ~/.ssh/known_hosts << EOF
+    |1|Ec1eaTSoDQshjIpoIPouJCw40R4=|wG59JbBlwNW2K3kznnH7OUZYEhA= ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAz8HWpA/W/0c/jV9+nU9zyZVUjw8flLksl6BNkcM3s12AMJXTG6qLJ+qVeQwI20eDkTioLLQYgOmMsmmFsO68vlivuxHYfAvjFHui6TkDVGXJS3lPGyOCqVwRmpyG0GnrfRWdsdgrYEo6sGbParkRb/ZfXxOuUXg3wWXMmeMyWXhkb09b1uYZTUjuruJpJTQ9kIC3CH8bdl7oiq2ffd+KdAykTkzkq+kFNizNRe0uBKtkcDgYpAZGOPCEJjpjwvDrWinXoE7rvE8zMfAv2/CP5AM4D+8yHrFgWz9tOexJyNsfJAZmQjg5rWuoeYow9tTVNWVloRU3tvF8OvVprgwPAw==
+    |1|DdY9PAqPg4LrkwIatwAUs3JLOXU=|fJqmuz18y1bJLarIIqckB1dH/ts= ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAGixpYwAfvRyHOlqpKnrpo3iG5zPjQNL0hcay90SlNMfZ4W6+QUoFTZ/rQXDQFbBrOgTXzFDEQxKxxo350n6dw=
+    EOF
+
+    fi
+
 .build-template: &build
   stage: build
   dependencies: []
   script:
     - ${BST} -o arch "${ARCH}" build core.bst flatpak-runtimes.bst
-    - |
-      mkdir runtimes
 
+    # checkout the runtimes
+    - |
       for runtime in platform platform-locale sdk sdk-debug sdk-docs sdk-locale; do
         bst -o arch "${ARCH}" checkout --hardlinks "flatpak/${runtime}.bst" "runtimes/${runtime}"
-        flatpak build-export --arch="${ARCH}" --files=files repo/ "runtimes/${runtime}" "${FLATPAK_BRANCH}"
+        flatpak build-export --arch="${ARCH}" --no-update-summary --files=files repo/ "runtimes/${runtime}" 
"${FLATPAK_BRANCH}"
       done
 
-    # TODO: push the resulting runtime to sdk.gnome.org
+    - BRANCHES=$(find repo/refs/heads/ -type f | grep "${ARCH}/${FLATPAK_BRANCH}" | sed s,repo/refs/heads/,,)
+
+    # push the resulting runtimes to gbm.gnome.org
+    # FIXME: Only push from protected branches
+    - |
+      if [[ ${CI_COMMIT_REF_NAME} == "staging-3-30" ]]; then
+        rsync -a repo/ gbm-builder.gnome.org:incoming/repo-${CI_JOB_ID}
+        ssh gbm-builder.gnome.org gbm-flatpak-scripts/import-commits.sh incoming/repo-${CI_JOB_ID} 
${BRANCHES}
+        ssh gbm-builder.gnome.org rm -rf incoming/runtimes-${CI_JOB_ID}
+      fi
 
   # Store all the downloaded git and ostree repos in the distributed cache.
   # This saves us fetching them from the different repos and further afield